Slashdot Mirror

← Back to Stories (view on slashdot.org)

iOS 8 Strikes an Unexpected Blow Against Location Tracking

Posted by Unknown on from the waiting-for-obvious-patents dept.

schwit1 (797399) writes 'It wasn't touted onstage, but a new iOS 8 feature is set to cause havoc for location trackers, and score a major win for privacy.As spotted by Frederic Jacobs, the changes have to do with the MAC address used to identify devices within networks. When iOS 8 devices look for a connection, they randomize the MAC address, effectively disguising any trace of the real device until it decides to connect to a network.'

35 of 323 comments (clear)

  1. Apple Actually Cares About Privacy by Anonymous Coward · · Score: 3, Insightful

    Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.

    1. Re:Apple Actually Cares About Privacy by Anonymous Coward · · Score: 5, Insightful

      Apple allready knows who you are and what you are doing and where you are and where you have been ...

    2. Re:Apple Actually Cares About Privacy by Anonymous Coward · · Score: 5, Interesting

      Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.

      No, this is about 3rd parties tracking you - it means your iPhone does not provide its MAC address to the network(s) it has found. This never had anything to do with Apple tracking you nor does not stop Apple from keeping tabs on what networks you have identified while looking for a connection.

    3. Re:Apple Actually Cares About Privacy by fuzzyfuzzyfungus · · Score: 4, Informative

      Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.

      I would be more optimistic if it weren't for the fact that Apple went and deliberately developed "iBeacon", more or less deliberately designed for every sort of horrid 'location based service' and 'relevant offer' crap in the book.

      Architecturally, hunting for wifi networks with a spoofed MAC is a good idea; but it sure does look like Apple is cutting an attempt to track their phones the non-blessed way off at the knees, even as they actively provide a blessed way of doing it.

      In the same way, they cracked down on apps that used phone serial numbers, IMEIs and similar; but then built an "advertising identifier" right into their OS.

      They want to be sure that you find the experience of being sold tasteful and unobtrusive; but they aren't actually your friends, nor do they consider your hardware purchase to be sufficient to exempt you from being the product.

    4. Re:Apple Actually Cares About Privacy by Anonymous Coward · · Score: 5, Informative

      You make a good point. However, iirc, a user can completely diasable their iPhone's from repsonding to iBeacons. So even under the "blessed" way, a customer's privacy is still within their personal control.

    5. Re:Apple Actually Cares About Privacy by mwvdlee · · Score: 3, Insightful

      More specifically this is about 3rd parties tracking you, without paying Apple.
      All this does is close up the tracking options that compete with Apple's tracking options.
      As for Google, I suspect we'll see this happening on Android phones soon enough as MAC tracking competes with Google as well.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    6. Re:Apple Actually Cares About Privacy by sonamchauhan · · Score: 5, Insightful

      Correct. The only difference is that they don't like to share...

    7. Re:Apple Actually Cares About Privacy by Anonymous Coward · · Score: 5, Informative

      The only difference is that they don't like to share..

      Yes they do, they even say so in their privacy policy: “[Apple will] make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers.”

      In fact, if you read their privacy policy, you'd realize Apple gathers up about as much personal information on users as any other big tech company. The main difference is they say they don't connect the dots.In fact, they've been and are being sued for sharing too much user data...

      Personal user data big part of any technology company's business model these days. Even Apple.

      http://motherboard.vice.com/bl...

    8. Re:Apple Actually Cares About Privacy by justcauseisjustthat · · Score: 3, Informative

      Big difference iBeacon needs to be enabled per app, the user has control! Here the user was scanned without their consent, this new privacy feature is awesome.

    9. Re:Apple Actually Cares About Privacy by sonamchauhan · · Score: 3, Insightful

      Thanks - I suspected that this was the case, but wasn't sure.

      Location tracking stays turned off in my iOS device. A nuisance when you want a quick look at the streetmap of the area you're in.

      I suspect this entire ploy is so that iBeacons can be marketed more effectively.

    10. Re:Apple Actually Cares About Privacy by Tom · · Score: 3, Insightful

      It is true.

      The reason is that for Apple, you are the customer. For Google, you are the product, because its customers are the advertisers.

      --
      Assorted stuff I do sometimes: Lemuria.org
    11. Re:Apple Actually Cares About Privacy by Tom · · Score: 5, Informative

      Apple went and deliberately developed "iBeacon"

      Which works by Bluetooth, not WiFi, and it's basically a Bluetooth broadcaster. Also, it is opt-in.

      In the same way, they cracked down on apps that used phone serial numbers, IMEIs and similar; but then built an "advertising identifier" right into their OS.

      That you can opt out of.

      --
      Assorted stuff I do sometimes: Lemuria.org
    12. Re:Apple Actually Cares About Privacy by Tom · · Score: 4, Informative

      Location tracking stays turned off in my iOS device. A nuisance when you want a quick look at the streetmap of the area you're in.

      You know you can turn it on and off selectively, yes? Allowing certain apps to use it, but others not?

      --
      Assorted stuff I do sometimes: Lemuria.org
    13. Re:Apple Actually Cares About Privacy by SuricouRaven · · Score: 5, Informative

      No, it still provides your MAC to the network. Doing otherwise would break things - static DHCP reservations for one. It means the iPhone won't provide its MAC address *until* it finds a recognised network to connect to - it won't be broadcasting it constantly while you are out traveling or shopping.

    14. Re:Apple Actually Cares About Privacy by pmontra · · Score: 4, Informative

      They don't connect the dots for everybody for free. Become a strategic partner (that is: find a way to bring them more money) and they'll be happy do connect the dots for you. So don't be naive: Apple cares about its customers only when it can turn that care into profit.

      BTW, this app does the same on a rooted Android device.

    15. Re:Apple Actually Cares About Privacy by jedrek · · Score: 3, Interesting

      Apple's falling out with Google over Maps was about GOOG wanting more data and Apple not wanting them to gather it.

    16. Re:Apple Actually Cares About Privacy by Tom · · Score: 3, Insightful

      It goes back to the other comments, while others cannot track you. That doesn't mean Apple isn't doing the collecting themselves and selling it off, or being requested by the FBI, NSA to give up what they have.

      This makes for a pointless argument. Essentially you are saying that turning tracking off completely somehow gets respected, but turning it off selectively somehow doesn't. That makes absolutely no sense. If they want to sell you out, it doesn't matter how you disable tracking.

      --
      Assorted stuff I do sometimes: Lemuria.org
    17. Re:Apple Actually Cares About Privacy by thoromyr · · Score: 4, Insightful

      really? I know they were roundly accused of this with no evidence ever provided other than a bug which caused excessive *local* retention of location data. Interestingly, it came out at about the same time that *google* was in fact shipping the location data back to the mothership (something Apple doesn't do) with no retention limits evident.

      As a company, Google *depends* on eliminating privacy -- it is the source of their revenue. Apple depends on hardware sales. So while they make some money by selling aggregated data (and try to foist obnoxious things like itunes radio on their users) that is not actually their core business nor a significant part of their revenue stream. When Apple advertised an earlier incarnation of icloud as being better privacy they didn't call out Google specifically -- they didn't need to. The people who cared already knew who they are talking about.

      But somehow Apple is the anti-privacy company and google is okay. I never understand the fanboys.

      If you want to bust on Apple, great, I'm all for it. Just bust them on things they are actually guilty of and don't try to misrepresent them. They've definitely done some bad things, but strangely they don't seem to get beat up for things they've really done (or the issue is misrepresented).

      What I'm saying is that while it may be fun to trot out things like the "640K should be enough for everyone" to bust on Bill Gates that is an urban myth and he never said it. Instead, bust on him for things that he *did* do (like hire someone else to pirate CPM). Same for Apple and Jobs (I just have a somewhat better memory for the Microsoft end of things, hence using MS-centric example).

    18. Re:Apple Actually Cares About Privacy by Andreas+Mayer · · Score: 4, Insightful

      This is nothing more then PR twisting, by a company that is suspected of willfully working with spying/law enforcement agencies.

      To me to have the press sit there an report this without highlighting the companies past and current data collecting activities is misleading the public into thinking they are somehow safe, or just to give people a false sense of security as a way to sell more phones then your competitor.

      First, *every* US company is suspected to work together with the NSA. So Apple isn't worse off in that regard.

      Second, this feature is not about avoiding the NSA. The spooks can just utilize the cell network to track you. This feature is about *everyone else* trying to track you. Because, you know, not everyone is able to spoof a cell tower. But everyone *is* able to put up a WiFi hotspot.

      Third, *of course* this is about selling more devices. And what's wrong with trying to make money by offering something actually useful?

    19. Re:Apple Actually Cares About Privacy by Dixie_Flatline · · Score: 4, Informative

      Apple doesn't care as much about profit after the fact because they got 45% off of you as soon as you bought their phone.

      Even if you turn off every function on your phone--including the phone--and kept it in airplane mode the whole time like some sort of absurdly expensive iPod, Apple already made a profit.

      Apple cares about your privacy insofar as it allows them to put a bullet-point on the box that they can use to distinguish themselves from Google's model. Google needs information to make a profit. They make virtually no money off of Android itself; that's why buying a Nexus is so cheap.

      Essentially, Apple can afford to be stingy with information, and can afford for YOU to be stingy with YOUR information. Google can't.

      I'm sure Apple will turn your information into profit if it can, don't get me wrong. But it's not their primary business model. As long as the phone costs a lot of money, you can count on them being less interested in what you have to offer after the sale.

    20. Re:Apple Actually Cares About Privacy by Plumpaquatsch · · Score: 4, Informative
      https://www.apple.com/legal/privacy/en-ww/

      Privacy Policy

      Your privacy is important to Apple. So we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

      ...

      Disclosure to Third Parties

      At times Apple may make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers. For example, when you purchase and activate your iPhone, you authorize Apple and your carrier to exchange the information you provide during the activation process to carry out service. If you are approved for service, your account will be governed by Apple and your carrier’s respective privacy policies. Personal information will only be shared by Apple to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes.

      Service Providers

      Apple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever Apple operates.

      Others

      It may be necessary by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence for Apple to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

      We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party.

      --
      Of course news about a fake are Fake News.
    21. Re:Apple Actually Cares About Privacy by gnasher719 · · Score: 3, Interesting

      I'm sure Apple will turn your information into profit if it can, don't get me wrong. But it's not their primary business model. As long as the phone costs a lot of money, you can count on them being less interested in what you have to offer after the sale.

      In other words, you are Apple's customer. You are Google's product.

  2. but changing MAC is like filing serial# off a car! by Anonymous Coward · · Score: 5, Interesting

    At least according to the prosecutors who went after Aaron Swartz. His laptop got locked out of a network so he changed the MAC address with the built-in MacOS GUI utility and they said that was like filing the serial number off a car. Now all iphones are going to change it randomly during network scan? OMG, that's like a car that files off its own serial number every time you go around the block! Alert the authorities!!!!! Sigh.

  3. useless; who writes this crap? by Anonymous Coward · · Score: 3, Insightful

    The point is that there are many networks out there pinging for MAC addresses that the user DOESN'T connect to.

  4. Re:useless; who writes this crap? by wonkey_monkey · · Score: 5, Informative

    The point, obviously, is that you can't be identified by the access points you don't connect to.

    Of course you're traceable once you've connected; how else could you stay connected and get traffic to your device?

    --
    systemd is Roko's Basilisk.
  5. Lack of intent by Camael · · Score: 4, Insightful

    In your example, the prosecutors were able to argue that deliberately using a utility to intentionally change your MAC address was akin to taking steps to file off the serial numbers of a car. This is because Aaron intended to change his MAC address and deliberately took steps to effect the change.

    If future iPhones automatically change their MAC address, on their own, without any intervention by their user, where is the crucial element of acting with intent or deliberation?

    It is far too soon to cry wolf.

  6. Re:Security by fnj · · Score: 3, Insightful

    Uh, yeah. MAC filtering will work as well as it ever works, which is to say providing no more than the illusion of security.

    What this does accomplish, though, is a real measure of somewhat increased privacy.

  7. Re:Security by hobarrera · · Score: 4, Insightful

    Not, crappy security is not better that no security. When users know there's no security, they may be slightly cautious. If they belive there's security in place, they might let their guard down, so this false sensation of security is actually a bad thing.

  8. Re:How about malfunctioning devices? by hobarrera · · Score: 3, Insightful

    Your enterprise networks gets crashed by a [broken?] device that scans for availabe wireless networks?
    Looks like your enterprise network has some very serious issues you'll want to look into asap!

  9. Umm, no by Viol8 · · Score: 3, Informative

    It actually randomised the MAC address. Its been a long time since MACs were burnt into ROM and couldn't be changed. On Linux you can do it using ifconfig or one ioctl() in C.

    1. Re:Umm, no by gmack · · Score: 3, Informative

      RTFA, It only randomizes on scan and goes back to the original MAC address when it connects.. You are correct that it is easy to change the MAC address, but that doesn't change the fact that randomizing the mac address on connect would break things like DHCP reservations or MAC based white lists.

  10. Google is no better/worse than Apple by sjbe · · Score: 3, Insightful

    With Android, you can see the source code

    And you've seen the source code for the Android device in your hand? Right. Didn't think so. Hell, even if you compiled it yourself I seriously doubt you looked. Furthermore 99.9999% of people wouldn't have the foggiest idea where to find the relevant bits of code even if they did have the source code. Which they don't. And even if they did they certainly don't have time to review all the code themselves. I'm as big a supporter of open source as anyone here but I'm under no illusion that it protects me from a company like Google.

    Google isn't trying to hide anything from anyone, unlike Apple.

    If you believe that I have some property I'd like to sell you. Just because they have a cute motto about not being evil doesn't mean much. Google is no better than Apple when it comes to collecting and selling information about you. They are an advertising company and that is how they make their money. They may not sell all your specific information to specific buyers but they definitely are using that information to make money. And if you think they aren't hiding anything just try waltzing into their headquarters and snooping around sometime. Tell me how that goes for you.

  11. Re:This is worthless. by Splab · · Score: 3, Informative

    I think you are confusing standards with the real world.

    Your device is constantly beaconing to the entire world around it, what networks it knows - and it will often quite happily connect to annyone claiming to be that home network, enabling for all sorts of fun snooping attacks.

    Go lookup creepyDOL network and the presentation for same from Def Con.

  12. Random or pseudo-random? by Squidlips · · Score: 3, Funny

    The NSA wants to know

  13. Re:How is a paying customer the product? by Tom · · Score: 4, Informative

    When I buy a Google/ASUS co-branded Nexus 7 tablet from Google Play Store, how am I not the customer?

    Google mades a bit over $14 billion revenue. Just under $13 billion of that is from advertisement.

    Apple makes the vast majority of its $54 billion revenue on hardware, a small part ($4 billion) on software and iTunes sales and its advertisement revenue is so small it vanishes somewhere under "services" and I couldn't quickly find a number for it.

    Ask yourself which company is more likely to sell out your data to advertisers. The one that makes 90% of its money from them and 10% from you, or the one that makes 98% of its profits from you and 2% from them.

    --
    Assorted stuff I do sometimes: Lemuria.org